How boards can better manage disruptive risks

Boards of directors tend to be diligent in overseeing risks that management has identified, but this focus can lead to blind spots and leave businesses vulnerable to disruptive risks, according to the US National Association of Corporate Directors.

Disruptive risks can be triggered by new technologies changing the way people do business, economic and political uncertainties, or dramatic shifts in demand. These risks are defined as complex and fast moving and can have sudden and catastrophic effects on a business’s revenue, profitability, competitive position, and reputation, according to an NACD Blue Ribbon Commission report.

“They can make or break a company,” said Sue Cole, NACD Blue Ribbon Commission co-chair and director at Biscuitville, Diversified Trust, and Martin Marietta Materials, at the release of the report on 1 October at the Global Board Leaders’ Summit in Washington.

Sixty-two per cent of public and private company board members polled by the NACD earlier this year considered disruptive risks as much more important than five years ago. Nearly half of the respondents said their board’s tendency was to focus too much on known risks, and this focus presented a significant obstacle to the board’s ability to understand and oversee disruptive risks.

Also, less than 20% of the directors polled said they were extremely or very confident in management’s ability to address disruptive risks.

Reliance on known information, downplaying the significance of negative data, false causality, loss aversion, and a tendency to default to the views of others can prevent management and other members of an organisation from seeing “the forest, rather than the trees”, meaning board members are uniquely placed to identify disruptive risks, according to the NACD Blue Ribbon Commission report.

“The important thing is to establish an environment in the boardroom of challenging and questioning,” Cole said. “You may not know what the risks are, what the unknown unknowns are, but by asking questions you can get closer to identifying them.”

The NACD Blue Ribbon Commission report, which was led by a group of more than 25 experienced directors and leading governance professionals, contains 11 recommendations to help boards strengthen their oversight of disruptive risks.

“The report is to help boards and managers define what disruptive risks look like and better assess disruptive risks,” said Kelvin Westbrook, director at Archer Daniels Midland Co., Camden Property Trust, Mosaic, and T-Mobile. “We want to help boards evaluate the culture of the board, including on the level of openness, shared concerns, and bad news.”

“Board members can be a company’s greatest asset by embracing an adaptive approach to governance that helps anticipate unknown risks,” added NACD CEO Peter Gleason.

Directors bring perspective

This guidance includes improving visibility of disruptive risks in the boardroom, staying informed about company and industry developments, and conducting deeper dives with management on disruptive risks and their implications for the organisation’s strategy.

The report also highlights the importance of fostering skills, including information gathering, that can help navigate disruptive risks.

“As board members we have different experiences than other members of the organisation. We may see or hear things outside the boardroom or from other organisations,” said Westbrook.

Disruptive risks are not just about threats. Board members are well placed to spot the opportunities that disruption brings.

“I think it is about education and learning, too,” said Westbrook. “How many of us are aware of AI or big data or are utilising the data that is available to us? Board members need to find the tools and skills to navigate disruption. Board members should be willing to learn about new things outside the boardroom so you can better engage in discussions with management and third parties.”

How boards can improve risk management

The NACD Blue Ribbon Commission had these 11 recommendations for board members to better manage disruptive risks:

1. Develop an understanding of disruptive risks and consider them in the context of the organisation’s specific circumstances, strategic assumptions, and objectives.

2. Consider how to incorporate disruptive risks into the scope of the board’s risk oversight responsibilities at the full-board and/or key-committee levels.

3. Ensure that the organisation’s fundamental enterprise risk management processes are effective, but recognise that these processes may not necessarily capture disruptive risks.

4. Evaluate regularly aspects of boardroom culture such as openness to sharing concerns, potential problems, or bad news; response to mistakes; and acceptance of nontraditional points of view.

5. Include in the CEO selection and evaluation process assessments of his or her leadership abilities in an environment of disruptive risks.

6. Ensure that the organisation’s talent strategy reflects a proactive approach to the skills and structure needed to navigate disruptive risks.

7. Be willing to step off the board when your skills are no longer relevant. Director renominations should not be a default decision.

8. Understand that board diversity is a strategic imperative, not a compliance issue.

9. Establish requirements for ongoing learning by all directors, and incorporate them into the board’s evaluation process.

10. Ensure board-level risk reports provide forward-looking information about changing business conditions and potential risks in a format that enables productive dialogue and decision-making.

11. Establish time on the board agenda at least once a year for a substantive discussion of the company’s vulnerability to disruptive risks. Consider using approaches such as scenario planning, simulation exercises, and stress-testing to inform these discussions.

— Richard N. Williams is a freelance writer based in the UK. To comment on this article or to suggest an idea for another article, contact Sabine Vollmer, an FM magazine senior editor, at Sabine.Vollmer@aicpa-cima.com.